Which of the following would be of GREATEST concern to the auditor?

CISA V2 0 Comments

An IS auditor is reviewing an organization’s information asset management process.

Which of the following would be of GREATEST concern to the auditor?
A . The process does not require specifying the physical locations of assets.
B . Process ownership has not been established.
C . The process does not include asset review.
D . Identification of asset value is not included in the process.

Answer: B

Explanation:

An IS auditor would be most concerned if process ownership has not been established for the information asset management process, as this would indicate a lack of accountability, responsibility, and authority for managing the assets throughout their lifecycle. The process owner should also ensure that the process is aligned with the organization’s objectives, policies, and standards. The process should require specifying the physical locations of assets, include asset review, and identify asset value, but these are less critical than establishing process ownership.

References: CISA Review Manual (Digital Version), Chapter 3, Section 3.3

Latest CISA Dumps Valid Version with 2694 Q&As

Latest And Valid Q&A | Instant Download | Once Fail, Full Refund

Instant Download CISA PDF     CISA Questions Online Training
Subscribe
Notify of
guest
0 Comments
Inline Feedbacks
View all comments